Skip to main content
Skip table of contents

Upgrade: For Air-gapped Environments Only

Because air-gapped environments do not have direct access to the Internet, you must download, extract and load several required images to your local container registry, before installing or upgrading DKP. The information below will be covered as a step during either Enterprise or Essential Upgrade steps, but feel free to familiarize yourself with the concept below if desired. Otherwise, depending on your license type, follow the relevant link to begin upgrading:

Overview of Seeding the Registry for Air-gapped Environment

In previous DKP releases, images provided by the upstream CAPA project would be used if you did not specify an image. However, the upstream images are not recommended for production and may not always be available.  Therefore, DKP now requires you to specify an AMI when creating a cluster. To create an custom image, use Konvoy Image Builder.

Explore the Customize your Image topic for more options.

Using KIB, you can build an image without requiring access to the internet by providing an additional --override flag.

Before Upgrading

For air-gapped environments - before you begin the Upgrade the CAPI Components process later in the upgrade steps, you much create a local package bundle for the artifacts.

In previous DKP releases, the distro package bundles were included in the downloaded air-gapped bundle: dkp-air-gapped-bundle_v2.8.1_linux_amd64.tar.gz. Currently, that air-gapped bundle contains the following artifacts with the exception of the distro packages:

  • DKP Kubernetes packages

  • Python packages (provided by upstream)

  • Containerd tarball

  1. Download the Complete DKP Air-gapped Bundle for this release (i.e. dkp-air-gapped-bundle_v2.8.1_linux_amd64.tar.gz) to load registry images as explained below.

  2. You will need to fetch the distro packages as well as other artifacts. By fetching the distro packages from distro repositories, you get the latest security fixes available at machine image build time.

  3. Download the correct KIB version for your DKP version and host OS/architecture for where you will build the OS bundle (not the OS that will be used to deploy the KIB image or DKP cluster): Konvoy Image Builder

  4. In your download location with internet access, you need to create an OS package bundle for the Target OS you use for the nodes in your DKP cluster. To create it, run the new DKP command create-package-bundle. This builds an OS bundle using the Kubernetes version defined in ansible/group_vars/all/defaults.yaml. Example command:

    CODE 
    ./konvoy-image create-package-bundle --os redhat-8.4 --output-directory=artifacts

Other supported air-gapped Operating Systems (OSs) can be specified in place of --os redhat-8.4 using the flag and corresonding OS name:

  • centos-7.9

  • redhat-7.9

  • redhat-8.6

  • redhat-8.8

  • rocky-9.1

  • ubuntu-20.04

  1. The Kubernetes image bundle will be located in kib/artifacts/images and you will want to verify image and artifacts. Verify the image bundles exist in kib/artifacts/images:

    CODE 
    $ ls kib/artifacts/images/
kubernetes-images-1.28.7-d2iq.1.tar kubernetes-images-1.28.7-d2iq.1-fips.tar

  2. Bring the resulting file in the artifacts directory from step 3, as well as the complete air-gapped bundle, into your air-gapped environment and proceed with the upgrade/installation as normal.

    For Pre-Provisioned Only:

  3. Upload the artifacts onto cluster hosts:

    CODE 
    konvoy-image upload artifacts \
    --container-images-dir=./kib/artifacts/images/ \
    --os-packages-bundle=./kib/artifacts/${OS_PACKAGES_BUNDLE} \
    --containerd-bundle=./kib/artifacts/${CONTAINERD_BUNDLE} \
    --pip-packages-bundle=./kib/artifacts/pip-packages.tar.gz

Download all Images for Air-gapped Deployments

If you are operating in an air-gapped environment, a local container registry containing all the necessary installation images, including the Kommander images is required. See below for prerequisites to download and then how to push the necessary images to this registry.

Connectivity with clusters attaching to the management cluster is required:

  1. Both management and attached clusters must be able to connect to the local registry.

  2. The management cluster must be able to connect to all attached cluster’s API servers.

  3. The management cluster must be able to connect to any load balancers created for platform services on the management cluster.

Extract Air-gapped Images and Set Variables

Follow these steps to extract the air-gapped image bundles into your private registry:

  1. Assuming you have downloaded dkp-air-gapped-bundle_v2.8.1_linux_amd64.tar.gz , extract the tarball to a local directory:

    CODE 
    tar -xzvf dkp-air-gapped-bundle_v2.8.1_linux_amd64.tar.gz

  2. The directory structure after extraction can be accessed in subsequent steps using commands to access files from different directories. EX: For the bootstrap, change your directory to the dkp-<version> directory similar to example below depending on your current location:

    CODE 
    cd dkp-v2.8.1

  3. Set an environment variable with your registry address:

    CODE 
    export REGISTRY_URL="<https/http>://<registry-address>:<registry-port>"
export REGISTRY_USERNAME=<username>
export REGISTRY_PASSWORD=<password>

Only Pre-provisioned: Load Images for Deployments - Konvoy

For Pre-provisioned air-gapped environments only, you must run konvoy-image upload artifacts to copy the artifacts onto the cluster hosts before you begin the Upgrade the CAPI Components process later in the upgrade steps.

  1. The Kubernetes image bundle will be located in kib/artifacts/images and you will want to verify image and artifacts.

    1. Verify the image bundles exist in kib/artifacts/images:

      CODE 
      $ ls kib/artifacts/images/
kubernetes-images-1.28.7-d2iq.1.tar kubernetes-images-1.28.7-d2iq.1-fips.tar

    2. Verify the artifacts for your OS exist in the kib/artifacts/ directory and export the appropriate variables:

      CODE 
      $ ls kib/artifacts/
1.28.7_centos_7_x86_64.tar.gz	    1.28.7_redhat_8_x86_64_fips.tar.gz			            containerd-1.6.28-d2iq.1-rhel-7.9-x86_64.tar.gz	       containerd-1.6.28-d2iq.1-rhel-8.6-x86_64_fips.tar.gz	pip-packages.tar.gz
1.28.7_centos_7_x86_64_fips.tar.gz  1.28.7_rocky_9_x86_64.tar.gz			                containerd-1.6.28-d2iq.1-rhel-7.9-x86_64_fips.tar.gz   containerd-1.6.28-d2iq.1-rocky-9.0-x86_64.tar.gz
1.28.7_redhat_7_x86_64.tar.gz	    1.28.7_ubuntu_20_x86_64.tar.gz			                containerd-1.6.28-d2iq.1-rhel-8.4-x86_64.tar.gz	       containerd-1.6.28-d2iq.1-rocky-9.1-x86_64.tar.gz
1.28.7_redhat_7_x86_64_fips.tar.gz  containerd-1.6.28-d2iq.1-centos-7.9-x86_64.tar.gz	    containerd-1.6.28-d2iq.1-rhel-8.4-x86_64_fips.tar.gz    containerd-1.6.28-d2iq.1-ubuntu-20.04-x86_64.tar.gz
1.28.7_redhat_8_x86_64.tar.gz	    containerd-1.6.28-d2iq.1-centos-7.9-x86_64_fips.tar.gz  containerd-1.6.28-d2iq.1-rhel-8.6-x86_64.tar.gz	        images

    3. Set the bundle values with the name from the private registry location:

      CODE 
      export OS_PACKAGES_BUNDLE=<name_of_the_OS_package>
export CONTAINERD_BUNDLE=<name_of_the_containerd_bundle>

      For example, for RHEL 8.4 you would set:

      CODE 
      export OS_PACKAGES_BUNDLE=1.28.7_redhat_8_x86_64.tar.gz
export CONTAINERD_BUNDLE=containerd-1.6.28-d2iq.1-rhel-8.4-x86_64.tar.gz

  2. Upload the artifacts onto cluster hosts:

    CODE 
    konvoy-image upload artifacts \
    --container-images-dir=./kib/artifacts/images/ \
    --os-packages-bundle=./kib/artifacts/${OS_PACKAGES_BUNDLE} \
    --containerd-bundle=./kib/artifacts/${CONTAINERD_BUNDLE} \
    --pip-packages-bundle=./kib/artifacts/pip-packages.tar.gz

Load Images to your Private Registry - Konvoy

Before creating or upgrading a Kubernetes cluster, you need to load the required images in a local registry if operating in an air-gapped environment. This registry must be accessible from both the bastion machine and either the AWS EC2 instances or other machines that will be created for the Kubernetes cluster.

If you do not already have a local registry set up, refer to Local Registry Tools page for more information.

Execute the following command to load the air-gapped image bundle into your private registry:

CODE 
dkp push bundle --bundle ./container-images/konvoy-image-bundle-v2.8.1.tar --to-registry=${REGISTRY_URL} --to-registry-username=${REGISTRY_USERNAME} --to-registry-password=${REGISTRY_PASSWORD}

It may take some time to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the registry.

Load Images to your Private Registry - Kommander

Load Kommander images to your Private Registry

For the air-gapped kommander image bundle, run the command below:

Run the following command to load the image bundle:

CODE 
dkp push bundle --bundle ./container-images/kommander-image-bundle-v2.8.1.tar --to-registry=${REGISTRY_URL} --to-registry-username=${REGISTRY_USERNAME} --to-registry-password=${REGISTRY_PASSWORD}

Load Images to your Private Registry - DKP Catalog Applications

Optional: This step is required only if you have an Enterprise license.

For DKP Catalog Applications, also perform this image load:

Run the following command to load the dkp-catalog-applications image bundle into your private registry:

CODE 
dkp push bundle --bundle ./container-images/dkp-catalog-applications-image-bundle-v2.8.1.tar --to-registry=${REGISTRY_URL} --to-registry-username=${REGISTRY_USERNAME} --to-registry-password=${REGISTRY_PASSWORD}

Next Step:

Depending on your license type, you will follow the relevant link:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close